package parity.coop;

import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.testing.TestIndependenceUtil;
import java.util.Collections;
import java.util.List;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import utils.MdsTestUtil;

@Test
/* loaded from: input_file:parity/coop/ParitySmokeTest.class */
public class ParitySmokeTest extends ParityTestBase {
    private final String acme = TestIndependenceUtil.uniquify("acme");
    private final String bob = TestIndependenceUtil.uniquify("bob");
    private final String bobPrincipal = "User:" + this.bob;
    private final String lkc = TestIndependenceUtil.uniquify("acme-lkc");
    private final MdsScope acmeStg = new MdsScope(new Scope.Builder(new String[0]).addPath("organization=" + this.acme).addPath("environment=stg").build());
    private final MdsScope acmeStgLkc1 = childScope(this.acmeStg, "cloud-cluster=" + this.lkc);
    private final List<Action> readTopicLkc1 = Collections.singletonList(new Action(this.acmeStgLkc1.scope(), new ResourceType("Topic"), "sushi", new Operation("Read")));

    @BeforeClass
    public void setup() {
        this.ldapCrud.createUsers(new String[]{this.bob});
    }

    @Test
    public void testFlow() throws Exception {
        V2RbacRestApi build = V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, ParitySuite.U_FLOW_SERVICE_ADMIN);
        V2RbacRestApi build2 = V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, this.bob);
        Assert.assertEquals(((List) build.getRoleNamesForPrincipal(this.bobPrincipal, this.acmeStg).execute().body()).size(), 0);
        Assert.assertEquals(build2.addClusterRoleForPrincipal("User:Dave", "CloudClusterAdmin", this.acmeStgLkc1).execute().code(), 403);
        Assert.assertEquals(((List) build2.authorize(new AuthorizeRequest(this.bobPrincipal, this.readTopicLkc1)).execute().body()).get(0), AuthorizeResult.DENIED);
        Assert.assertEquals(build.addClusterRoleForPrincipal(this.bobPrincipal, "EnvironmentAdmin", this.acmeStg).execute().code(), 204);
        Assert.assertEquals(((List) build.getRoleNamesForPrincipal(this.bobPrincipal, this.acmeStg).execute().body()).size(), 1);
        Assert.assertEquals(build2.addClusterRoleForPrincipal("User:Dave", "CloudClusterAdmin", this.acmeStgLkc1).execute().code(), 204);
        Assert.assertEquals(((List) build2.authorize(new AuthorizeRequest(this.bobPrincipal, this.readTopicLkc1)).execute().body()).get(0), AuthorizeResult.ALLOWED);
        Assert.assertEquals(build.removeRoleForPrincipal(this.bobPrincipal, "EnvironmentAdmin", this.acmeStg).execute().code(), 204);
        Assert.assertEquals(((List) build.getRoleNamesForPrincipal(this.bobPrincipal, this.acmeStg).execute().body()).size(), 0);
        Assert.assertEquals(build2.addClusterRoleForPrincipal("User:Dave", "CloudClusterAdmin", this.acmeStgLkc1).execute().code(), 403);
        Assert.assertEquals(((List) build2.authorize(new AuthorizeRequest("User:" + this.bob, this.readTopicLkc1)).execute().body()).get(0), AuthorizeResult.DENIED);
    }
}
